Appln. No.: 09/874,258 
Amendment dated November 9, 2005 
Reply to Office Action of August 9, 2005 

REMARKS/ARGUMENTS 

At the outset, Applicant wishes to thank the Examiner for the indication that the present 
application contains allowable subject matter. In the Office Action, claims 26, 34-35, 39 and 40 
are indicated as being allowable if rewritten in independent form. 

Upon entry of the present paper, claim 46 is amended, and claims 1-26, 28-41, 46-78 and 
83 remain pending. Aside from the allowable claims identified above, the other claims stand 
rejected as follows: 

• claim 41 stands rejected under 35 U.S.C. 112, second paragraph, as being 
indefinite; 

• claims 1-6, 8-25, 28, 30, 33, 36-38, 46-53, 55-65, 67-78 and 83 stand rejected 
under 35 U.S.C. 102(b) as being anticipated by Muniyappa et al. (U.S. Patent No. 
6,092,200); 

• claims 7, 29, 54 and 66 stand rejected under 35 U.S.C. 103(a) as being obvious in 
view of Muniyappa et al.; and 

• claims 31-32 stand rejected under 35 U.S.C. 103(a) as being obvious in view of 
an alleged combination of Muniyappa et al. and Genty et al. (U.S. Patent No. 
6,675,225). 

Applicant respectfully traverses these rejections, and respectfully requests 
reconsideration and allowance of the application. 

The Rejection of Claim 41 Under 35 U.S.C. 112, Second Paragraph 

The Office Action submits that this claim is unclear, and requests clarification of the 
difference between the "'VPN parameter' in claim 24 and claim 41." Office Action, p. 2. 
Applicant submits that this difference is already clear from the claims, as the claims recite 
whether the referenced VPN parameters are, or are not, in the certificate request. Independent 
claim 24 recites: 

"... the certificate request including at least one VPN 
parameter...," 

and claim 41, which depends from claim 24, refers to: 

"... at least one VPN parameter for the VPN device that is not 
contained in the certificate request ..." 

Applicant respectfully submits that those of ordinary skill in the art would have no trouble 
discerning the scope of these "VPN parameter" recitations. The Office Action also notes that "it 
is not clear where the VPN parameter is received from." Office Action, p. 2. Applicant agrees 
that claim 41 does not place any express limitations on a source for the recited step of 
"receiving," but submits that such a source is not necessary for one of ordinary skill to 
understand the scope of the claim. See, e.g., MPEP §2173.04 ("Breadth is Not Indefiniteness"). 

Independent Claim 1 and Dependent Claims 2-15 

In rejecting claim 1, the Office Action relies entirely on Muniyappa et al., alleging that 
Muniyappa et al. discloses each and every recited feature. Muniyappa et al. relates to a virtual 
private network system in which a group of selected nodes is divided into a "master" node and a 
plurality of "slave" nodes, where the "master" node is given Diffie-Hellman public cryptography 
keys for the various "slave" nodes, and when the "master" node is manually configured by an 
administrator to establish a network, that node then communicates with the "slave" nodes to 
establish secret keys to be used among the nodes, thereby establishing a VPN among those 
nodes. See, e.g., Muniyappa et al., col. 5, lines 26-63. Muniyappa et al. states that the advantage 
of its system lies in the fact that only the "master" node needs to be configured by the 
administrator; the "slave" nodes are configured by the "master" node. Muniyappa et al., col. 2, 
lines 46-50 and col. 5, lines 26-36. Muniyappa et al., however, fails to teach or suggest the novel 
method recited in claim 1. 

For example, independent claim 1 recites, among other features, a step of "receiving a 
reply at the first VPN device from the second VPN device, the reply including a second signed 
certificate having at least one verified VPN parameter for the second VPN device." In rejecting 
claim 1 as anticipated, the Office Action cites the subsequent communications between nodes. 
(Office Action, p. 2, citing Muniyappa et al. col. 2, lines 44-63). The Muniyappa et al. nodes do 
not perform such a step in their cited communication. To the contrary, the nodes in the 
Muniyappa et al. network communicate using a Diffie-Hellman technique, which Muniyappa et 
al. explains is an unsigned public key technique. Muniyappa et al., col. 5, lines 13-15 ("The 
Diffie-Hellman technique is a public key technique. It is a higher speed technique than RSA, but 
does not enable the signing of messages for authentication purposes.") (emphasis added). The 
cited Muniyappa et al. node communications are not, and do not teach or suggest, a reply at the 
first VPN device from the second VPN device, the reply including a "second signed certificate 
having at least one verified VPN parameter for the second VPN device," as recited in claim 1. 

The Office Action does not specifically identify an alleged teaching of a "second signed 
certificate," as claimed. If this rejection is to be maintained, Applicant requests clarification as 
to where Muniyappa et al. teaches, for 35 U.S.C. 102(b) purposes, such a reply with the second 
signed certificate. 

Applicant submits that claim 1 distinguishes over Muniyappa et al., and that none of the 
other art of record overcomes this deficiency. Claims 2-15 depend from claim 1, and are 
distinguishable for at least the same reasons as claim 1, and further in view of the various 
features recited therein. For example, claim 7 recites "[t]he method according to claim 6, 
wherein the source/destination designation includes a wild card designation." The Office Action 
concedes that "Muniyapa fails to disclose the destination designation includes a wild card 
designation," cites no additional prior art to overcome this admitted deficiency, and yet rejects 
the claim under 35 U.S.C. 103(a). Office Action, p. 19. The Office Action alleges that such a 
feature would have been obvious to one of ordinary skill, but cites nothing to show where such a 
feature is known anywhere in the prior art, and cites nothing to support a motivation or 
suggestion for combining such a feature with Muniyappa et al., or otherwise modifying 
Muniyappa et al. to have the recited feature. Applicant respectfully submits that without such 
supporting evidence, it is impossible for Applicant to meaningfully respond to the rejection. If 
the rejection is maintained, Applicant respectfully requests that the next Office Action provide 
support for the alleged modification of Muniyappa et al. 

Independent Claim 16 and Dependent Claims 17-23 

Independent claim 16 recites, among other features, a step of "sending a reply to the first 
VPN device from the second VPN device, the reply including a second signed certificate having 
at least one verified VPN parameter for the second VPN device." The Office Action rejects this 
claim as being anticipated by Muniyappa et al., relying on the same discussion applied against 
claim 1. Further to the discussion above, the cited Muniyappa et al. communication uses an 
unsigned technique, and does not teach or suggest a step of sending a reply to the first VPN 
device from the second VPN device, the reply including a "second signed certificate having at 
least one verified VPN parameter for the second VPN device," as recited in claim 16. 

None of the other art of record overcomes this deficiency in Muniyappa et al., and 
Applicant submits that this claim is in condition for allowance. Claims 17-23 depend from claim 
16, and are allowable for at least the same reasons as claim 16, and further in view of the various 
features recited therein. 

Independent Claim 24 and Dependent Claims 25-26 and 28-41 

Independent claim 24 recites, among other features, steps of "receiving a signed 
certification from the certification authority, the signed certification containing the at least one 
VPN parameter contained in the certificate request" and "exchanging the signed certificate with 
another VPN device at a selected telecommunications network address." The Office Action 
relies on Muniyappa et al. for all of the claim 24 features. Specifically, the Office Action relies 
on Muniyappa et al., col. 4, lines 42-56 to show the signed certification. In that cited portion, the 
Muniyappa et al. certification authority 80 generates public and private key pairs for the nodes, 
and provides the private keys to the nodes via an insecure method, such as email or physical 
delivery of a disk. The Office Action does not, however, cite to any portion of Muniyappa et al. 
in which the system performs the claimed step of "exchanging the signed certificate with another 
VPN device at a selected telecommunications network address." No such citation is possible, 
because Muniyappa et al. fails to teach or suggest this method and this step. As noted above, the 
Muniyappa et al. nodes 20, 22, 24 and 26 communicate via an unsigned method, and there is no 
teaching or suggestion of their exchanging a signed certificate. In fact, the prior Office Action 
made a similar allegation regarding Muniyappa et al., and Applicant requested in the prior 
amendment that a subsequent Office Action identify where in Muniyappa et al. such an exchange 
takes place. Applicant respectfully reiterates this request - if this rejection is to be maintained, 
Applicant requests clarification as to where Muniyappa et al. teaches or suggests such an 
exchange. 

None of the other art of record overcomes this deficiency, and Applicant submits that 
claim 24 is in condition for allowance. Claims 25-26 and 28-41 depend on claim 24, and are 
allowable for at least the same reasons as claim 24, and further in view of the various features 
recited therein (indeed, the Office Action has indicated that a number of these claims would be 
allowable if written in independent form). For example, claim 29 recites "[t]he method 
according to claim 28, wherein the source and destination name pair includes a wild card 
designation," and in rejecting this claim, the Office Action concedes that Muniyappa et al. fails 
to teach or suggest this feature, but cites nothing in the prior art to overcome this deficiency. 

As another example, claim 31 recites "[t]he method according to claim 24, wherein the 
step of establishing the VPN is further based on a Quality of Service parameter." The Office 
Action concedes that Muniyappa et al. fails to disclose this feature, and relies instead on Genty et 
al., col. 6, lines 30-32. In the cited reference and portion, Genty et al. discusses the general use 
of VPNs, and notes that the VPN is created when needed, and when the connection is no longer 
needed, it is torn down. There is no discussion, teaching, or a suggestion of using a Quality of 
Service parameter in this setting up or tearing down, and Applicant submits that this 
combination, even if proper, fails to teach or suggest establishing a VPN based on a Quality of 
Service Parameter. 

The Office Action cites the same Genty et al. discussion to reject claim 32 as anticipated. 
Claim 32 recites "[t]he method according to claim 24, wherein the step of establishing the VPN 
is further based on a bandwidth limitation parameter," and Applicant submits that the cited 
Genty et al. discussion of setting up and tearing down connections says nothing about whether 
VPN connections are based on a bandwidth limitation parameter, as recited in claim 32. 

Independent Claim 46 and Dependent Claims 47-59 and 83 

Amended independent claim 46 recites, among other features, "a memory containing a 
certificate that has been signed by a certification authority, the signed certificate containing at 
least one VPN parameter for the VPN device that has been verified by the certification authority, 
and a plurality of pre-authorized name pairs having a local name and a remote name for a VPN." 
The Office Action relies entirely on Muniyappa et al. to reject this claim as anticipated. 
Applicant submits that Muniyappa et al. fails to teach or suggest the device recited in amended 
claim 46. For example, there is no teaching or suggestion of "a plurality of pre-authorized name 
pairs having a local name and a remote name for a VPN." The cited node memories, which are 
said to store public and private keys, are neither taught nor suggested as storing the recited 
plurality of pre-authorized name pairs. 

None of the other art of record overcomes this deficiency, and claim 46 is in condition for 
allowance. Claims 47-59 and 83 depend from claim 46, and are allowable for at least the same 
reasons as claim 46, and further in view of the features recited therein. 

Independent Claim 60 and Dependent Claims 61-74 

Independent claim 60 recites a step of "receiving a reply at the first VPN device from the 
second VPN device, the reply including a second signed certificate having at least one verified 
VPN parameter for the second VPN device." The Office Action relies entirely on Muniyappa et 
al. to reject this claim, as done with claim 1. For at least the reasons discussed above with respect 
to claim 1, Applicant submits that Muniyappa et al. fails to teach or suggest the claim 60 
medium, with the step of "receiving a reply at the first VPN device from the second VPN device, 
the reply including a second signed certificate having at least one verified VPN parameter for the 
second VPN device." The Office Action specifically cites Muniyappa et al. col. 5, lines 37-46 to 
show this step of receiving a reply. In that portion of Muniyappa et al., the "master" node 20 
transmits packets to the various "slave" nodes. However, there is no teaching or suggestion here 
that the "master" node 20 (alleged to be the first VPN device) receives the recited reply 
"including a second signed certificate having at least one verified VPN parameter for the second 
VPN device" from any of the "slave" nodes (alleged to be the second VPN device). Indeed, and 
as already discussed above, such inter-node communication in Muniyappa et al. is performed 
using an unsigned method. 

None of the other art of record overcomes this deficiency, and claim 60 is in condition for 
allowance. Claims 61-74 depend from claim 60, and are allowable for at least the same reasons 
as claim 60, and further in view of the various features recited therein. For example, claim 66 
recites "The computer-readable medium according to claim 65, wherein the source/and 
destination designation includes a wild card designation." As discussed above with respect to 
claim 7, the Office Action admits that Muniyappa et al. does not teach or suggest this feature, but 
cites no other prior art to overcome this deficiency. 

Independent Claim 75 and Dependent Claims 76-78 

Independent claim 75 recites the steps of "receiving a signed certification from the 
certification authority, the signed certification containing the at least one VPN parameter 
contained in the certificate request" and "exchanging the signed certificate with another VPN 
device at a selected telecommunications network address." The Office Action relies on the same 
analysis applied against claim 24 to reject claim 75, and for the reasons discussed above with 
respect to claim 24, Applicant submits that Muniyappa et al. fails to teach or suggest the claim 
75 computer-readable medium. Claims 76-78 depend from claim 75, and are allowable for at 
least the same reasons as claim 75, and further in view of the features recited therein. For 
example, claim 77 recites "the certificate request includes a range of telecommunications 
network addresses that the VPN device will use as client network addresses for VPNs established 
through the VPN device," which includes similar "range" language found in claim 26, which the 
Office Action indicates as being allowable. In rejecting claim 77, the Office Action refers to 
Muniyappa et al., col. 5, lines 51-63. That portion refers to the "slave" nodes querying a 
certification authority, and providing the master's address information in that query. That master 
address is the address of the single master node 20, and there is no teaching or suggestion that 
the address (or the "slave" node's query) includes "a range of telecommunications network 
addresses that the VPN device will use as client network addresses for VPNs established through 
the VPN device," as recited. 

Conclusion 

All rejections having been addressed, Applicant respectfully submits that the instant 
application is in condition for allowance, and respectfully solicits prompt notification of the 
same. However, if for any reason the Examiner believes the application is not in condition for 
allowance or there are any questions, the Examiner is requested to contact the undersigned at 
(202) 824-3154. 



Respectfully submitted, 
BANNER & WITCOFF, LTD. 



Dated November 9, 2005 



By: 




1001 G Street, N.W. 
Washington, D.C. 20001-4597 
Tel: (202) 824-3000 
Fax: (202) 824-3001 